Enforcement Center Page

Use the Enforcement Center page to create, view, modify, duplicate, run and delete Enforcement Sets, and view the Enforcement Set tasks.

Each Enforcement Set executes a saved query (which can represent a security policy) and then automatically performs an action on the query results (policy gaps) to bridge, mitigate, notify or create incidents on the identified gaps.

To open the Enforcement Center page, click the icon on the left navigation panel.

The Enforcement Center page consists of the following main elements:

1. Search Bar

Use Search to filter the Enforcement Sets displayed using free text search on all text fields: Name, Main Action and Trigger Query Name.

To search for specific Enforcement Sets in the Search bar, type search text (not case sensitive) and press Enter.

2. Total Results

Displays the total number of Enforcement Sets found for the search criteria on the top left side of the Enforcement Sets table. If no filtering is done, the total results represent the total number of Enforcement Sets defined.

3. Actions

   Opens the Actions menu for selected Enforcement Sets, to 'Duplicate', 'Delete' or 'Run' Enforcement Sets.
   See:

   • Duplicating Enforcement Sets,
   • Deleting Existing Enforcement Sets
   • Running Enforcement Sets.

4. Add Enforcement

Use to configure a new Enforcement Set. For more details, see Creating New Enforcement Sets.

5. View Tasks

Displays the Enforcement Sets running instances in the Enforcement Tasks page. For more details, see Enforcement Tasks Page.

Running Enforcement Sets

You can run one or more Enforcement Sets which have automation or a trigger (a query) configured.

1. To run one or more Enforcement Sets, select the Enforcement Set checkboxes. The number of selected records is then displayed next to the total results. You can also select all records in the table, or clear your selection.

3. Click Actions

   

   3. From the menu that opens select Run to run the selected Enforcement Sets; the system asks you to confirm your choice. Only enforcements with a query configured will run. Once you confirm, the Enforcement Sets run.

Enforcement Sets Table

Displays the configured Enforcement Sets information, including:

• Name – the Enforcement Set name
• Last Updated – when the Enforcement Set was updated
• Main Action Name – the Enforcement Set main action name
• Main Action Type – the Enforcement Set main action type
• Trigger Query Name – the selected saved query for the Enforcement Set trigger
• Trigger Schedule - the trigger schedule type, if configured.
• Last Triggered – the last time the Enforcement Set was triggered
• Times Triggered – the number of times the Enforcement Set was triggered
• Updated by - the name of the last user who updated the Enforcement Set.
  • The user name is displayed with a prefix:
    • Internal - A user who was defined internally in Axonius by one of the system admins.
    • SAML or LDAP - A user who logged in using the LDAP or SAML based login options.
  • If the user no longer exists in the system, the displayed user name is displayed with a “(deleted)” suffix.
  • Hover over the field to display the user first and last name in addition to the user name, if this exists.
    
    

Table Navigation Elements
By default, 20 results are displayed in each table page. You can change the number of results per page and choose between 20, 50 or 100, by clicking the appropriate icon on the bottom left side of the table:
Use the pagination bar on the bottom right side of the table to move between pages:

For more information about working with Enforcement Sets see:

• Creating New Enforcement Sets
• Viewing and Modifying Existing Enforcement Sets
• Duplicating Enforcement Sets
• Deleting Existing Enforcement Sets